#Debugging

  1. VPNStatus, a replacement for macOS builtin VPN Status

    In this post I present VPNStatus, an application that replicates some functionalities of macOS built-in VPN status menu: list the VPN services and their status connect to a VPN service disconnect from a VPN service possibility to auto connect to a VPN service if the application is running This application also allows to auto connect to an IKEv2 VPN service, something that is currently not possible on macOS.
    [Read More]
  2. macOS VPN architecture from System Preferences down to nesessionmanager

    macOS 10.13 contains a built-in VPN client that natively supports L2TP over IPSec as well as IKEv2. In this post I describe some parts of the internal architecture of the macOS VPN client. This information will be used in a following article to build an application that replicates some functionalities of the VPN status in the menu bar. This application will also allow to auto connect to an IKEv2 VPN service, something that is currently not possible on macOS.
    [Read More]
  3. Facebook.app for iOS [v. 88.0] cleans up duplicates

    This post follows up the Analysis of the Facebook.app for iOS [v. 87.0]. The version 88.0 of the Facebook.app has now been released: As you can see from the smaller download size, the duplicated resources have been removed. This is confirmed by looking at the app content using GrandPerspective: Only some really small resources escaped the cleanup. The ‘FBFacecastTipJarResources’ resources are indeed still duplicated. Example: Facebook.app/Frameworks/FBSharedFramework.framework/FBFacecastTipJarResources/tip3b.json.gz Facebook.app/Frameworks/FBSharedFramework.framework/tip3b.json.gz
    [Read More]
  4. Analysis of the Facebook.app for iOS [v. 87.0]

    6 months ago I analyzed the version 66.0 of the Facebook.app for iOS: https://blog.timac.org/2016/1018-analysis-of-the-facebook-app-for-ios The version 66.0 was a 165 MB app on an iPad Air 2 (64-bit). It was a monolithic app with its main binary being more than 100 MB. The version 87.0 is now available: 253 MB on the same iPad Air 2 with only 64-bit code. In just 6 months, the Facebook.app size grew by 88 MB!
    [Read More]
  5. Deobfuscating libMobileGestalt keys

    /usr/lib/libMobileGestalt.dylib is a private library which provides an API to retrieve the capabilities of the iOS device, as well as some runtime information: system version, build version, device type, current status of the airplane mode, … The implementation is similar to a key-value database. The library exposes a simple function to retrieve the value for a specified key: id MGCopyAnswer(NSString *inKey); When calling this method with a key, it returns the associated value stored in the database, or nil if the key does not exist.
    [Read More]
  6. Testing if an arbitrary pointer is a valid Objective-C object

    Let’s say you pick a random pointer. Can we know if it points to a valid Objective-C object? Of course without crashing… Well there is no simple solution. In this post I give a solution for 64-bit architectures. The code provided has only been tested on macOS 10.12.1 and iOS 10.1.1 with the modern Objective-C runtime. There is not much documentation available on this subject. There is one article written in 2010 by Matt Gallagher but the content is outdated and not working properly anymore.
    [Read More]
  7. Analysis of the Facebook.app for iOS

    Did you ever wonder why the Facebook.app for iOS is such a big download? This post tries to give some answers. The version 66.0 (released on 7 October 2016) was analyzed on an iPad Air 2 (64-bit). Here is what you see when downloading Facebook on an iPad Air 2: App content A scan of the content of the Facebook app using GrandPerspective gives already a good overview:
    [Read More]
  8. constructor and destructor attributes

    GCC (and Clang) supports constructor and destructor attributes: __attribute__((constructor)) __attribute__((destructor)) Description A function marked with the __attribute__((constructor)) attribute will be called automatically before your main() function is called. Similarly a function marked with the __attribute__((destructor)) attribute will be called automatically after your main() function returns. You can find the GCC documentation here: constructor destructor The constructor attribute causes the function to be called automatically before execution enters main ().
    [Read More]
  9. State Preservation and Restoration Debug Logs

    The State Preservation and Restoration system is well documented here: Preserving Your App’s Visual Appearance Across Launches. But what is not well known is that there is a secret preference to enable debug logs. You can set the preference UIStateRestorationDebugLogging to YES in your main function before the call to UIApplicationMain: [[NSUserDefaults standardUserDefaults] setBool:YES forKey:@"UIStateRestorationDebugLogging"]; There is also a less useful ‘Developer Mode’ secret preference which will skip the deletion of the restoration archive when the app crashes.
    [Read More]
  10. Checking if Reduced Motion is enabled on iOS 7

    Apple introduced in iOS 7.0.3 a setting to reduce motion ( http://support.apple.com/kb/HT5595 ) : Settings -> General -> Accessibility -> Reduce Motion Sadly there is no public API to know if the user enabled “Reduce motion”. Here is how to get the value of this setting using a private API. Note that you should not use this code for applications submitted to the App Store. #include <dlfcn.h> + (BOOL) reduceMotionEnabled { BOOL (*_UIAccessibilityReduceMotionFunction)(void) = (BOOL (*)(void)) dlsym(RTLD_DEFAULT, "_UIAccessibilityReduceMotion"); if(_UIAccessibilityReduceMotionFunction !
    [Read More]